On Circumventing User Protection Controls in Firefox

Deep customization through add-ons is one of the best features of Firefox, and we’re thrilled to have such a vibrant ecosystem of community-developed extensions, themes, and other kinds of add-ons for users to enjoy. However, it’s extremely important to us that these customizations take place only with the user’s explicit consent in Firefox.

Last year we introduced a new Firefox feature to ensure add-ons dropped into Firefox by third parties would only be enabled if the user agrees. This means that some users may be asked if they’d like to install an add-on by a software installer as well as by Firefox itself, but these extra clicks attempt to ensure the user understands the modifications being applied to Firefox.

Even if an add-on has its own installer, the Firefox add-on opt-in dialog is not optional and must be displayed every time a new add-on is installed from outside of Firefox. Mozilla will take appropriate measures to ensure this is happening, including remotely disabling violating add-ons. This policy applies to all add-ons except those distributed in an enterprise or controlled environment.

We encourage add-on developers who would like to see improvements or changes to these user protection controls to propose them in Bugzilla or a newsgroup.